Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

Browse Source 
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
This commit is contained in:
azett 2020-12-19 14:02:27 +01:00
parent 5a0b7541e7
commit f265b22b0b
6 changed files with 771 additions and 778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
defaults.php
View File

@ -14,7 +14,6 @@
// We suggest not to define here your owns, but instead // We suggest not to define here your owns, but instead
// inmplementing them as plugins // inmplementing them as plugins
// legacy mode; needed with some ill-formed spb files // legacy mode; needed with some ill-formed spb files
define('DUMB_MODE_ENABLED', false); define('DUMB_MODE_ENABLED', false);
// default file permissions // default file permissions
@ -22,7 +21,6 @@
define('FILE_PERMISSIONS', 0777); define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777); define('DIR_PERMISSIONS', 0777);
// first some webserver setup... // first some webserver setup...
// here's where your server save session-related stuff. // here's where your server save session-related stuff.
@ -34,17 +32,20 @@
define('ABS_PATH', dirname(__FILE__) . '/'); define('ABS_PATH', dirname(__FILE__) . '/');
// here was blog root in earlier versions. This has been moved to config_load() // here was blog root in earlier versions. This has been moved to config_load()
// here are default config files // here are default config files
define('FP_DEFAULTS', 'fp-defaults/'); define('FP_DEFAULTS', 'fp-defaults/');
// all writable directories go here. // all writable directories go here.
define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777 define('FP_CONTENT', 'fp-content/'); // must be chmodded to 0777
// blog configurations files // blog configurations files
define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777 define('CONFIG_DIR', FP_CONTENT . 'config/'); // must be chmodded to 0777
define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php'); define('CONFIG_FILE', CONFIG_DIR . 'settings.conf.php');
/**
*
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php'); define('HASHSALT_FILE', CONFIG_DIR . 'hashsalt.conf.php');
define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php'); define('CONFIG_DEFAULT', FP_DEFAULTS . 'settings-defaults.php');
define('USERS_DIR', FP_CONTENT . 'users/'); define('USERS_DIR', FP_CONTENT . 'users/');
@ -54,7 +55,6 @@
define('CONTENT_DIR', FP_CONTENT . 'content/'); define('CONTENT_DIR', FP_CONTENT . 'content/');
// define('BLOCKS_DIR', CONTENT_DIR . 'blocks/'); // define('BLOCKS_DIR', CONTENT_DIR . 'blocks/');
// !!! CRITICAL !!! // !!! CRITICAL !!!
// all includes file // all includes file
define('FP_INCLUDES', 'fp-includes/'); define('FP_INCLUDES', 'fp-includes/');
@ -64,8 +64,6 @@
// smarty engine // smarty engine
define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/'); define('SMARTY_DIR', ABS_PATH . FP_INCLUDES . 'smarty/');
define('FP_INTERFACE', 'fp-interface/'); define('FP_INTERFACE', 'fp-interface/');
// theme dir // theme dir
define('THEMES_DIR', FP_INTERFACE . 'themes/'); define('THEMES_DIR', FP_INTERFACE . 'themes/');
@ -74,14 +72,11 @@
// misc forms // misc forms
define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/'); define('SHARED_TPLS', ABS_PATH . FP_INTERFACE . 'sharedtpls/');
// here is where all plugins are saved // here is where all plugins are saved
define('PLUGINS_DIR', 'fp-plugins/'); define('PLUGINS_DIR', 'fp-plugins/');
define('ADMIN_DIR', 'admin/'); define('ADMIN_DIR', 'admin/');
// cache file name and path. // cache file name and path.
define('CACHE_DIR', FP_CONTENT . 'cache/'); define('CACHE_DIR', FP_CONTENT . 'cache/');
define('CACHE_FILE', '%%cached_list.php'); define('CACHE_FILE', '%%cached_list.php');
@ -90,18 +85,15 @@
define('LOCKFILE', FP_CONTENT . '%%setup.lock'); define('LOCKFILE', FP_CONTENT . '%%setup.lock');
// these will be probably moved soon to plugins // these will be probably moved soon to plugins
// here is where all the uploaded images will be saved // here is where all the uploaded images will be saved
define('IMAGES_DIR', FP_CONTENT . 'images/'); define('IMAGES_DIR', FP_CONTENT . 'images/');
// here is where all the attachments will be saved // here is where all the attachments will be saved
define('ATTACHS_DIR', FP_CONTENT . 'attachs/'); define('ATTACHS_DIR', FP_CONTENT . 'attachs/');
define('LANG_DEFAULT', 'en-us'); define('LANG_DEFAULT', 'en-us');
define('BPT_SORT', SORT_DESC); define('BPT_SORT', SORT_DESC);
set_include_path(ABS_PATH); set_include_path(ABS_PATH);
// //
@ -141,10 +133,9 @@
if (!isset($_SERVER ['REQUEST_URI'])) if (!isset($_SERVER ['REQUEST_URI']))
$_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/'; $_SERVER ['REQUEST_URI'] = $serverport . 'localhost/flatpress/';
#define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/'); // define('BLOG_ROOT', dirname($_SERVER['PHP_SELF']) . '/');
define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/')); define('BLOG_ROOT', ('/' == ($v = dirname($_SERVER ['SCRIPT_NAME'])) ? $v : $v . '/'));
define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT); define('BLOG_BASEURL', $serverport . $_SERVER ['HTTP_HOST'] . BLOG_ROOT);
// //

10
fp-includes/core/core.fileio.php
View File

@ -2,7 +2,6 @@
// fileio.php // fileio.php
// low-level io-handling functions // low-level io-handling functions
function io_write_file($filename, $data) { function io_write_file($filename, $data) {
@umask(0); @umask(0);
$dir = dirname($filename); $dir = dirname($filename);
@ -26,15 +25,12 @@
return ($length == $done); return ($length == $done);
} }
} }
return false; return false;
} }
function io_load_file($filename) { function io_load_file($filename) {
if (file_exists($filename)) { if (file_exists($filename)) {
if (function_exists('file_get_contents')) if (function_exists('file_get_contents'))
return file_get_contents($filename); return file_get_contents($filename);
@ -55,4 +51,10 @@
return false; return false;
} }
function io_delete_file($filename) {
if (!file_exists($filename)) {
return false;
}
return unlink($filename);
}

9
fp-includes/core/core.system.php
View File

@ -59,15 +59,6 @@ function system_save($file, $array) {
// } else die('Wrong number of parameters!'); // } else die('Wrong number of parameters!');
} }
function system_hashsalt_save($force = false) {
global $fp_config;
if ($force || !file_exists(HASHSALT_FILE))
return system_save(HASHSALT_FILE, array(
'fp_hashsalt' => $fp_config ['general'] ['blogid'] . ABS_PATH . BLOG_BASEURL . mt_rand()
));
return true;
}
define('SYSTEM_VER', '1.2.dev'); define('SYSTEM_VER', '1.2.dev');
function system_ver() { function system_ver() {

32
fp-includes/core/core.users.php
View File

@ -31,24 +31,42 @@ function user_list() {
} }
function user_pwd($userid, $pwd) { function user_pwd($userid, $pwd) {
return wp_hash($userid . $pwd); return password_hash($userid . $pwd, PASSWORD_DEFAULT);
} }
function user_login($userid, $pwd, $params = null) { function user_login($userid, $pwd, $params = null) {
global $loggedin; global $loggedin;
$loggedin = false; $loggedin = false;
// get user data
$user = user_get($userid); $user = user_get($userid);
// user not found? get outta here
if (!isset($user) || !isset($user ['password'])) {
return $loggedin;
}
if (isset($user) && user_pwd($userid, $pwd) == $user ['password']) { // check the password
if (password_verify($userid . $pwd, $user ['password'])) {
$loggedin = true;
} //
// for FP instances updated from 1.1 to 1.2: check password the old-fashioned way (with wp_hash() which uses md5)
elseif (wp_hash($userid . $pwd) == $user ['password']) {
$loggedin = true; $loggedin = true;
// re-hash password with current algorithm, ...
$user ['password'] = $pwd;
// ... save in user file ...
user_add($user);
// ... and update user data from re-read user file
$user = user_get($userid);
// after updating the user, we don't need the password hash file any more
io_delete_file(HASHSALT_FILE);
}
if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
} }
@ -116,5 +134,3 @@ function user_add($user) {
return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user')); return system_save(USERS_DIR . $user ['userid'] . ".php", compact('user'));
} }
?>

496
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -1,15 +1,17 @@
<?php <?php
/* These functions can be replaced via plugins. They are loaded after /*
plugins are loaded. */ * These functions can be replaced via plugins. They are loaded after
* plugins are loaded.
*/
function _get_nextprev_link($nextprev) { function _get_nextprev_link($nextprev) {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = & $fpdb->getQuery();
list($caption, $id) = call_user_func(array(&$q, 'get'.$nextprev)); list ($caption, $id) = call_user_func(array(
&$q,
'get' . $nextprev
));
if (!$id) if (!$id)
return null; return null;
@ -20,46 +22,41 @@
if ($_SERVER ['QUERY_STRING']) { if ($_SERVER ['QUERY_STRING']) {
if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) { if (strpos($_SERVER ['QUERY_STRING'], 'paged') !== false) {
$link = '?'.preg_replace( $link = '?' . preg_replace('{paged=[0-9]+}', "paged={$id}", $_SERVER ['QUERY_STRING']);
'{paged=[0-9]+}',
"paged={$id}",
$_SERVER['QUERY_STRING']
);
} else { } else {
$link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}"; $link = '?' . $_SERVER ['QUERY_STRING'] . "&paged={$id}";
} }
$link = str_replace('&', '&amp;', $link); $link = str_replace('&', '&amp;', $link);
} else { } else {
$link = "?paged={$id}"; $link = "?paged={$id}";
} }
} }
return array($caption, BLOG_BASEURL . $link); return array(
$caption,
BLOG_BASEURL . $link
);
} }
if (!function_exists('get_nextpage_link')) : if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() {
function get_nextpage_link() {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = & $fpdb->getQuery();
$a = _get_nextprev_link('NextPage'); $a = _get_nextprev_link('NextPage');
if ($q->single) { if ($q->single) {
$a [0] .= ' &raquo; '; $a [0] .= ' &raquo; ';
} }
return $a; return $a;
} }
endif; endif;
if (!function_exists('get_prevpage_link')) : if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() {
function get_prevpage_link() {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = & $fpdb->getQuery();
@ -74,8 +71,6 @@
endif; endif;
function wp_filter_kses($str) { function wp_filter_kses($str) {
return $str; return $str;
} }
@ -84,162 +79,160 @@
// WordPress pluggable functions // WordPress pluggable functions
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
/* /*
get_currentuserinfo() * get_currentuserinfo()
Grabs the information of the current logged in user, if there is one. Essentially a * Grabs the information of the current logged in user, if there is one. Essentially a
wrapper for get_userdata(), but it also stores information in global variables. * wrapper for get_userdata(), but it also stores information in global variables.
get_userdata($userid) * get_userdata($userid)
Pulls user information for the specified user from the database. * Pulls user information for the specified user from the database.
get_userdatabylogin($user_login) * get_userdatabylogin($user_login)
Pulls user information for the specified user from the database. * Pulls user information for the specified user from the database.
wp_mail($to, $subject, $message, $headers = '') * wp_mail($to, $subject, $message, $headers = '')
A convenient wrapper for PHP's mail function. * A convenient wrapper for PHP's mail function.
wp_login($username, $password, $already_md5 = false) * wp_login($username, $password, $already_md5 = false)
Returns true if the specified username and password correspond to a registered * Returns true if the specified username and password correspond to a registered
user. * user.
auth_redirect() * auth_redirect()
If a user is not logged in, he or she will be redirected to WordPress' login page before * If a user is not logged in, he or she will be redirected to WordPress' login page before
being allowed to access content on the page from which this function was called. * being allowed to access content on the page from which this function was called.
Upon sucessfully logging in, the user is sent back to the page in question. * Upon sucessfully logging in, the user is sent back to the page in question.
wp_redirect($location) * wp_redirect($location)
Redirects a browser to the absolute URI specified by the $location parameter. * Redirects a browser to the absolute URI specified by the $location parameter.
wp_setcookie($username, $password, $already_md5 = false, $home = * wp_setcookie($username, $password, $already_md5 = false, $home =
'', $siteurl = '') * '', $siteurl = '')
Sets the WordPress cookies for a logged in user. See WordPress Cookies. * Sets the WordPress cookies for a logged in user. See WordPress Cookies.
wp_clearcookie() * wp_clearcookie()
Clears the cookies for a logged in user. See WordPress Cookies. * Clears the cookies for a logged in user. See WordPress Cookies.
wp_notify_postauthor($comment_id, $comment_type='') * wp_notify_postauthor($comment_id, $comment_type='')
Emails the author of the comment's post the content of the comment specified. * Emails the author of the comment's post the content of the comment specified.
wp_notify_moderator($comment_id) * wp_notify_moderator($comment_id)
Informs the administrative email account that the comment specified needs to be * Informs the administrative email account that the comment specified needs to be
moderated. See General Options SubPanel. * moderated. See General Options SubPanel.
*/ */
if (!function_exists('get_currentuserinfo')) : if (!function_exists('get_currentuserinfo')) :
function get_currentuserinfo() { function get_currentuserinfo() {
/* global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity; /*
// *** retrieving user's data from cookies and db - no spoofing * global $user_login, $userdata, $user_level, $user_ID, $user_nickname, $user_email, $user_url, $user_pass_md5, $user_identity;
* // *** retrieving user's data from cookies and db - no spoofing
if (isset($_COOKIE['wordpressuser_' . COOKIEHASH])) *
$user_login = $_COOKIE['wordpressuser_' . COOKIEHASH]; * if (isset($_COOKIE['wordpressuser_' . COOKIEHASH]))
$userdata = get_userdatabylogin($user_login); * $user_login = $_COOKIE['wordpressuser_' . COOKIEHASH];
$user_level = $userdata->user_level; * $userdata = get_userdatabylogin($user_login);
$user_ID = $userdata->ID; * $user_level = $userdata->user_level;
$user_nickname = $userdata->user_nickname; * $user_ID = $userdata->ID;
$user_email = $userdata->user_email; * $user_nickname = $userdata->user_nickname;
$user_url = $userdata->user_url; * $user_email = $userdata->user_email;
$user_pass_md5 = md5($userdata->user_pass); * $user_url = $userdata->user_url;
* $user_pass_md5 = md5($userdata->user_pass);
$idmode = $userdata->user_idmode; *
if ($idmode == 'nickname') $user_identity = $userdata->user_nickname; * $idmode = $userdata->user_idmode;
if ($idmode == 'login') $user_identity = $userdata->user_login; * if ($idmode == 'nickname') $user_identity = $userdata->user_nickname;
if ($idmode == 'firstname') $user_identity = $userdata->user_firstname; * if ($idmode == 'login') $user_identity = $userdata->user_login;
if ($idmode == 'lastname') $user_identity = $userdata->user_lastname; * if ($idmode == 'firstname') $user_identity = $userdata->user_firstname;
if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname; * if ($idmode == 'lastname') $user_identity = $userdata->user_lastname;
if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname; * if ($idmode == 'namefl') $user_identity = $userdata->user_firstname.' '.$userdata->user_lastname;
if (!$idmode) $user_identity = $userdata->user_nickname; * if ($idmode == 'namelf') $user_identity = $userdata->user_lastname.' '.$userdata->user_firstname;
* if (!$idmode) $user_identity = $userdata->user_nickname;
*/ */
} }
endif; endif;
if (!function_exists('get_userdata')) : if (!function_exists('get_userdata')) :
function get_userdata($userid) {
/* global $wpdb, $cache_userdata;
$userid = (int) $userid;
if ( empty($cache_userdata[$userid]) && $userid != 0) {
$cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
$cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
}
return $cache_userdata[$userid]; function get_userdata($userid) {
/*
* global $wpdb, $cache_userdata;
* $userid = (int) $userid;
* if ( empty($cache_userdata[$userid]) && $userid != 0) {
* $cache_userdata[$userid] = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = $userid");
* $cache_userdata[$cache_userdata[$userid]->user_login] =& $cache_userdata[$userid];
* }
*
* return $cache_userdata[$userid];
*/ */
} }
endif; endif;
if (!function_exists('get_userdatabylogin')) : if (!function_exists('get_userdatabylogin')) :
function get_userdatabylogin($user_login) { function get_userdatabylogin($user_login) {
/* global $cache_userdata, $wpdb; /*
if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) { * global $cache_userdata, $wpdb;
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var * if ( !empty($user_login) && empty($cache_userdata[$user_login]) ) {
$cache_userdata[$user->ID] = $user; * $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'"); // todo: get rid of this intermediate var
$cache_userdata[$user_login] =& $cache_userdata[$user->ID]; * $cache_userdata[$user->ID] = $user;
} else { * $cache_userdata[$user_login] =& $cache_userdata[$user->ID];
$user = $cache_userdata[$user_login]; * } else {
} * $user = $cache_userdata[$user_login];
return $user; * }
* return $user;
*/ */
} }
endif; endif;
if (!function_exists('wp_mail')) : if (!function_exists('wp_mail')) :
function wp_mail($to, $subject, $message, $headers = '') { function wp_mail($to, $subject, $message, $headers = '') {
if ($headers == '') { if ($headers == '') {
$headers = "MIME-Version: 1.0\n" . $headers = "MIME-Version: 1.0\n" . "From: " . get_settings('admin_email') . "\n" . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
"From: " . get_settings('admin_email') . "\n" .
"Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
} }
return @mail($to, $subject, $message, $headers); return @mail($to, $subject, $message, $headers);
} }
endif; endif;
if (!function_exists('wp_login')) : if (!function_exists('wp_login')) :
function wp_login($username, $password, $already_md5 = false) { function wp_login($username, $password, $already_md5 = false) {
/* global $wpdb, $error; /*
* global $wpdb, $error;
if ( !$username ) *
return false; * if ( !$username )
* return false;
if ( !$password ) { *
$error = __('<strong>Error</strong>: The password field is empty.'); * if ( !$password ) {
return false; * $error = __('<strong>Error</strong>: The password field is empty.');
} * return false;
* }
$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'"); *
* $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) { *
$error = __('<strong>Error</strong>: Wrong username.'); * if (!$login) {
return false; * $error = __('<strong>Error</strong>: Wrong username.');
} else { * return false;
// If the password is already_md5, it has been double hashed. * } else {
// Otherwise, it is plain text. * // If the password is already_md5, it has been double hashed.
if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) { * // Otherwise, it is plain text.
return true; * if ( ($already_md5 && $login->user_login == $username && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
} else { * return true;
$error = __('<strong>Error</strong>: Incorrect password.'); * } else {
$pwd = ''; * $error = __('<strong>Error</strong>: Incorrect password.');
return false; * $pwd = '';
} * return false;
} * }
* }
*/ */
} }
endif; endif;
if (!function_exists('auth_redirect')) : if (!function_exists('auth_redirect')) :
function auth_redirect() { function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page // Checks if a user is logged in, if not redirects them to the login page
/* if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) && /*
!wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) || * if ( (!empty($_COOKIE['wordpressuser_' . COOKIEHASH]) &&
(empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) { * !wp_login($_COOKIE['wordpressuser_' . COOKIEHASH], $_COOKIE['wordpresspass_' . COOKIEHASH], true)) ||
header('Expires: Wed, 11 Jan 1984 05:00:00 GMT'); * (empty($_COOKIE['wordpressuser_' . COOKIEHASH])) ) {
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); * header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
header('Cache-Control: no-cache, must-revalidate, max-age=0'); * header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Pragma: no-cache'); * header('Cache-Control: no-cache, must-revalidate, max-age=0');
* header('Pragma: no-cache');
header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI'])); *
exit(); * header('Location: ' . get_settings('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
} * exit();
* }
*/ */
} }
endif; endif;
@ -247,6 +240,7 @@ endif;
// Cookie safe redirect. Works around IIS Set-Cookie bug. // Cookie safe redirect. Works around IIS Set-Cookie bug.
// http://support.microsoft.com/kb/q176113/ // http://support.microsoft.com/kb/q176113/
if (!function_exists('wp_redirect')) : if (!function_exists('wp_redirect')) :
function wp_redirect($location, $status = 302) { function wp_redirect($location, $status = 302) {
global $is_IIS; global $is_IIS;
@ -256,13 +250,15 @@ function wp_redirect($location, $status = 302) {
return false; return false;
$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location); $location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
# $location = wp_kses_no_null($location); // $location = wp_kses_no_null($location);
$location = preg_replace('/\0+/', '', $location); $location = preg_replace('/\0+/', '', $location);
$location = preg_replace('/(\\\\0)+/', '', $location); $location = preg_replace('/(\\\\0)+/', '', $location);
$strip = array(
$strip = array('%0d', '%0a'); '%0d',
'%0a'
);
$location = str_replace($strip, '', $location); $location = str_replace($strip, '', $location);
if ($is_IIS) { if ($is_IIS) {
@ -275,8 +271,8 @@ function wp_redirect($location, $status = 302) {
} }
endif; endif;
if (!function_exists('wp_setcookie')) : if (!function_exists('wp_setcookie')) :
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') { function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '') {
if (!$already_md5) if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie. $password = md5(md5($password)); // Double hash the password in the cookie.
@ -305,6 +301,7 @@ function wp_setcookie($username, $password, $already_md5 = false, $home = '', $s
endif; endif;
if (!function_exists('wp_clearcookie')) : if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() { function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
@ -313,14 +310,12 @@ function wp_clearcookie() {
} }
endif; endif;
if (!function_exists('check_admin_referer')) : if (!function_exists('check_admin_referer')) :
function check_admin_referer($action = -1) { function check_admin_referer($action = -1) {
$adminurl = BLOG_BASEURL . 'admin.php'; $adminurl = BLOG_BASEURL . 'admin.php';
$referer = strtolower(wp_get_referer()); $referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce(@$_REQUEST['_wpnonce'], $action) && if (!wp_verify_nonce(@$_REQUEST ['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl))) {
!(-1 == $action && strstr($referer, $adminurl)) ) {
wp_nonce_ays($action); wp_nonce_ays($action);
die(); die();
} }
@ -328,10 +323,9 @@ function check_admin_referer($action = -1) {
} }
endif; endif;
if (!function_exists('wp_verify_nonce')) : if (!function_exists('wp_verify_nonce')) :
function wp_verify_nonce($nonce, $action = -1) {
function wp_verify_nonce($nonce, $action = -1) {
$user = user_get(); $user = user_get();
$uid = $user ['userid']; $uid = $user ['userid'];
@ -345,6 +339,7 @@ function wp_verify_nonce($nonce, $action = -1) {
endif; endif;
if (!function_exists('wp_create_nonce')) : if (!function_exists('wp_create_nonce')) :
function wp_create_nonce($action = -1) { function wp_create_nonce($action = -1) {
$user = user_get(); $user = user_get();
$uid = $user ['userid']; $uid = $user ['userid'];
@ -356,6 +351,12 @@ function wp_create_nonce($action = -1) {
endif; endif;
if (!function_exists('wp_salt')) : if (!function_exists('wp_salt')) :
/**
*
* @return NULL|unknown
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_salt() { function wp_salt() {
global $fp_config; global $fp_config;
static $salt = null; static $salt = null;
@ -371,116 +372,127 @@ function wp_salt() {
endif; endif;
if (!function_exists('wp_hash')) : if (!function_exists('wp_hash')) :
/**
*
* @param unknown $data
* @return string
* @deprecated as of FlatPress 1.2 - still here only to be able to update pre-1.2 credentials
*/
function wp_hash($data) { function wp_hash($data) {
$salt = wp_salt(); $salt = wp_salt();
return md5($data . $salt); return md5($data . $salt);
} }
endif; endif;
if (!function_exists('wp_notify_postauthor')) : if (!function_exists('wp_notify_postauthor')) :
function wp_notify_postauthor($comment_id, $comment_type = '') { function wp_notify_postauthor($comment_id, $comment_type = '') {
/* global $wpdb; /*
* global $wpdb;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); *
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1"); * $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
* $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID='$post->post_author' LIMIT 1");
if ('' == $user->user_email) return false; // If there's no email to send the comment to *
* if ('' == $user->user_email) return false; // If there's no email to send the comment to
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); *
* $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
$blogname = get_settings('blogname'); *
* $blogname = get_settings('blogname');
if ( empty( $comment_type ) ) $comment_type = 'comment'; *
* if ( empty( $comment_type ) ) $comment_type = 'comment';
if ('comment' == $comment_type) { *
$notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * if ('comment' == $comment_type) {
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message = sprintf( __('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= __('You can see all comments on this post here: ') . "\r\n"; * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title ); * $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
} elseif ('trackback' == $comment_type) { * $subject = sprintf( __('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title );
$notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * } elseif ('trackback' == $comment_type) {
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message = sprintf( __('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n"; * $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title ); * $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
} elseif ('pingback' == $comment_type) { * $subject = sprintf( __('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title );
$notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n"; * } elseif ('pingback' == $comment_type) {
$notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message = sprintf( __('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n"; * $notify_message .= __('Excerpt: ') . "\r\n" . sprintf( __('[...] %s [...]'), $comment->comment_content ) . "\r\n\r\n";
$subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title ); * $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
} * $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title );
$notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n"; * }
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
* $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
if ('' == $comment->comment_author_email || '' == $comment->comment_author) { *
$from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>'; * if ('' == $comment->comment_author_email || '' == $comment->comment_author) {
} else { * $from = "From: \"$blogname\" <wordpress@" . $_SERVER['SERVER_NAME'] . '>';
$from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>"; * } else {
} * $from = 'From: "' . $comment->comment_author . "\" <$comment->comment_author_email>";
* }
$notify_message = apply_filters('comment_notification_text', $notify_message); *
$subject = apply_filters('comment_notification_subject', $subject); * $notify_message = apply_filters('comment_notification_text', $notify_message);
$message_headers = apply_filters('comment_notification_headers', $message_headers); * $subject = apply_filters('comment_notification_subject', $subject);
* $message_headers = apply_filters('comment_notification_headers', $message_headers);
$message_headers = "MIME-Version: 1.0\n" *
. "$from\n" * $message_headers = "MIME-Version: 1.0\n"
. "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n"; * . "$from\n"
* . "Content-Type: text/plain; charset=\"" . get_settings('blog_charset') . "\"\n";
@wp_mail($user->user_email, $subject, $notify_message, $message_headers); *
* @wp_mail($user->user_email, $subject, $notify_message, $message_headers);
return true; *
* return true;
*/ */
} }
endif; endif;
/* wp_notify_moderator /*
notifies the moderator of the blog (usually the admin) * wp_notify_moderator
about a new comment that waits for approval * notifies the moderator of the blog (usually the admin)
always returns true * about a new comment that waits for approval
* always returns true
*/ */
if (!function_exists('wp_notify_moderator')) : if (!function_exists('wp_notify_moderator')) :
function wp_notify_moderator($comment_id) { function wp_notify_moderator($comment_id) {
/* global $wpdb; /*
* global $wpdb;
if( get_settings( "moderation_notify" ) == 0 ) *
return true; * if( get_settings( "moderation_notify" ) == 0 )
* return true;
$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1"); *
$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1"); * $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
* $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
$comment_author_domain = gethostbyaddr($comment->comment_author_IP); *
$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); * $comment_author_domain = gethostbyaddr($comment->comment_author_IP);
* $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
$notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n"; *
$notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n"; * $notify_message = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
$notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; * $notify_message .= get_permalink($comment->comment_post_ID) . "\r\n\r\n";
$notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; * $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n";
$notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n"; * $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n";
$notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; * $notify_message .= sprintf( __('URI : %s'), $comment->comment_author_url ) . "\r\n";
$notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; * $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n";
$notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
$notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n"; * $notify_message .= sprintf( __('To approve this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=mailapprovecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n"; * $notify_message .= sprintf( __('To delete this comment, visit: %s'), get_settings('siteurl').'/wp-admin/post.php?action=confirmdeletecomment&p='.$comment->comment_post_ID."&comment=$comment_id" ) . "\r\n";
$notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n"; * $notify_message .= sprintf( __('Currently %s comments are waiting for approval. Please visit the moderation panel:'), $comments_waiting ) . "\r\n";
* $notify_message .= get_settings('siteurl') . "/wp-admin/moderation.php\r\n";
$subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title ); *
$admin_email = get_settings("admin_email"); * $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), get_settings('blogname'), $post->post_title );
* $admin_email = get_settings("admin_email");
$notify_message = apply_filters('comment_moderation_text', $notify_message); *
$subject = apply_filters('comment_moderation_subject', $subject); * $notify_message = apply_filters('comment_moderation_text', $notify_message);
* $subject = apply_filters('comment_moderation_subject', $subject);
@wp_mail($admin_email, $subject, $notify_message); *
* @wp_mail($admin_email, $subject, $notify_message);
return true; *
* return true;
*/ */
} }
endif; endif;

43
setup/lib/main.lib.php
View File

@ -1,14 +1,8 @@
<?php <?php
$err = array(); $err = array();
function print_done_fail($label, $bool) { function print_done_fail($label, $bool) {
echo echo "<li>", $label . ' <strong style="color :' . (($bool) ? 'green;">DONE' : 'red;">FAILED') . '</strong><br />', "</li>\n";
"<li>",
$label.' <strong style="color :' .
(($bool)? 'green;">DONE' : 'red;">FAILED') .
'</strong><br />',
"</li>\n";
} }
function config_exist() { function config_exist() {
@ -30,7 +24,6 @@ function remove_checkfile() {
} }
function setupid() { function setupid() {
global $setupid; global $setupid;
if (isset($_POST ['setupid'])) { if (isset($_POST ['setupid'])) {
$setupid = $_POST ['setupid']; $setupid = $_POST ['setupid'];
@ -39,14 +32,17 @@ function setupid() {
} }
return $setupid; return $setupid;
} }
function getstep(&$id) { function getstep(&$id) {
global $err; global $err;
$STEPS = array('locked', 'step1', 'step2', 'step3'); $STEPS = array(
'locked',
'step1',
'step2',
'step3'
);
$MAXST = count($STEPS) - 1; $MAXST = count($STEPS) - 1;
$i = 0; $i = 0;
@ -60,7 +56,6 @@ function getstep(&$id) {
if (!$setupid) if (!$setupid)
die('Setup is running'); die('Setup is running');
if (!file_exists(SETUPTEMP_FILE)) { if (!file_exists(SETUPTEMP_FILE)) {
if (empty($_POST)) if (empty($_POST))
$i = 0; $i = 0;
@ -69,13 +64,13 @@ function getstep(&$id) {
} else { } else {
$x = explode(',', io_load_file(SETUPTEMP_FILE)); $x = explode(',', io_load_file(SETUPTEMP_FILE));
if ($x [0] != $setupid) if ($x [0] != $setupid)
die('Setup is running: if you are the owner, you can delete ' . die('Setup is running: if you are the owner, you can delete ' . SETUPTEMP_FILE . ' to restart');
SETUPTEMP_FILE .' to restart');
$i = intval($x [1]); $i = intval($x [1]);
} }
@include ("./setup/lib/{$STEPS[$i]}.lib.php"); @include ("./setup/lib/{$STEPS[$i]}.lib.php");
if (!function_exists('check_step')) : if (!function_exists('check_step')) :
function check_step() { function check_step() {
return true; return true;
} }
@ -92,7 +87,6 @@ function getstep(&$id) {
} }
} }
} }
} }
$id = $STEPS [$i]; $id = $STEPS [$i];
@ -100,7 +94,6 @@ function getstep(&$id) {
return $i; return $i;
} }
function validate() { function validate() {
if (!ctype_alnum($_POST ['fpuser'])) if (!ctype_alnum($_POST ['fpuser']))
$err [] = "{$_POST['fpuser']} is not a valid username. $err [] = "{$_POST['fpuser']} is not a valid username.
@ -112,13 +105,11 @@ function validate() {
if (($_POST ['fppwd']) != ($_POST ['fppwd2'])) if (($_POST ['fppwd']) != ($_POST ['fppwd2']))
$err [] = "Passwords did not match"; $err [] = "Passwords did not match";
if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST['email']) || if (!(preg_match('!@.*@|\.\.|\,|\;!', $_POST ['email']) || preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST ['email'])))
preg_match('!^.+\@(\[?)[a-zA-Z0-9\.\-]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$!', $_POST['email'])))
$err [] = "{$_POST['email']} is not a valid email address"; $err [] = "{$_POST['email']} is not a valid email address";
$www = $_POST ['www']; $www = $_POST ['www'];
if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) if (!(preg_match('!^http(s)?://[\w-]+\.[\w-]+(\S+)?$!i', $www) || preg_match('!^http(s)?://localhost!', $www)))
|| preg_match('!^http(s)?://localhost!', $www)))
$err [] = "$www is not a valid URL"; $err [] = "$www is not a valid URL";
if ($www && $www [strlen($www) - 1] != '/') if ($www && $www [strlen($www) - 1] != '/')
$www .= '/'; $www .= '/';
@ -131,25 +122,15 @@ function validate() {
$fp_config ['general'] ['www'] = $user ['www'] = $www; $fp_config ['general'] ['www'] = $user ['www'] = $www;
$fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email']; $fp_config ['general'] ['email'] = $user ['email'] = $_POST ['email'];
if (isset($err)) { if (isset($err)) {
$GLOBALS ['err'] = $err; $GLOBALS ['err'] = $err;
return false; return false;
} }
$fp_config ['general'] ['blogid'] = system_generate_id(BLOG_ROOT . $user ['www'] . $user ['email'] . $user ['userid']);
$fp_config['general']['blogid'] = system_generate_id(
BLOG_ROOT.
$user['www'].
$user['email'].
$user['userid']
);
config_save(); config_save();
system_hashsalt_save();
user_add($user); user_add($user);
return true; return true;